logo

哈达波斯网|专注网站

知识文档

使用P3P协议实现跨域、同步登录

知识文档  2021/9/15 14:18:09  管理员  

P3P的头部参数解释引用:

代码如下:


P3P Header is present:
CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

 

Compact Policy token is present. A trailing 'o' means opt-out, a trailing 'i' means opt-in.

存在紧凑策略令牌。末尾的“o”表示选择退出,末尾的“i”表示选择加入。

CURa
Information is used to complete the activity for which it was provided.

信息用于完成为其提供的活动。

ADMa
Information may be used for the technical support of the Web site and its computer system.

信息可能被用于本网站及其计算机系统的技术支持。

DEVa
Information may be used to enhance, evaluate, or otherwise review the site, service, product, or market.

信息可能被用来加强、评估或以其他方式审查网站、服务、产品或市场。

PSAo
Information may be used to create or build a record of a particular individual or computer that is tied to a pseudonymous identifier, without tying identified data (such as name, address, phone number, or email address) to the record. This profile will be used to determine the habits, interests, or other characteristics of individuals for purpose of research, analysis and reporting, but it will not be used to attempt to identify specific individuals.

信息可用于创建或建立与假名标识符关联的特定个人或计算机的记录,而不需要将已识别的数据(如姓名、地址、电话号码或电子邮件地址)绑定到记录中。此简介将用于确定个人的习惯、兴趣或其他特征,以进行研究、分析和报告,但它不会用于试图确定具体的个人。

PSDo
Information may be used to create or build a record of a particular individual or computer that is tied to a pseudonymous identifier, without tying identified data (such as name, address, phone number, or email address) to the record. This profile will be used to determine the habits, interests, or other characteristics of individuals to make a decision that directly affects that individual, but it will not be used to attempt to identify specific individuals.

信息可用于创建或建立与假名标识符关联的特定个人或计算机的记录,而不需要将已识别的数据(如姓名、地址、电话号码或电子邮件地址)绑定到记录中。此简介将用于确定个人的习惯、兴趣或其他特征,以作出直接影响该个人的决定,但它不会用于试图识别特定的个人。

OUR
We share information with ourselves and/or entities acting as our agents or entities for whom we are acting as an agent.

我们与自己和/或作为我们代理的实体或作为我们代理的实体共享信息。

BUS
Info is retained under a service provider's stated business practices. Sites MUST have a retention policy that establishes a destruction time table. The retention policy MUST be included in or linked from the site's human-readable privacy policy.

信息是根据服务提供商声明的业务惯例保留的。网站必须有一个保留政策,建立一个销毁时间表。保留政策必须包含在用户可读的网站隐私政策中或与之链接。

UNI
Non-financial identifiers, excluding government-issued identifiers, issued for purposes of consistently identifying or recognizing the individual. These include identifiers issued by a Web site or service.

非财务标识符,不包括政府签发的标识符,用于一致识别或识别个人。这包括由网站或服务发出的标识符。

PUR
Information actively generated by the purchase of a product or service, including information about the method of payment.

在购买产品或服务时主动产生的信息,包括有关支付方式的信息。

INT
Data actively generated from or reflecting explicit interactions with a service provider through its site -- such as queries to a search engine, or logs of account activity.

通过服务提供商的网站主动生成或反映其与服务提供商的明确交互的数据,例如对搜索引擎的查询,或账户活动日志。

DEM
Data about an individual's characteristics -- such as gender, age, and income.

有关个人特征的数据,如性别、年龄和收入。

STA
Mechanisms for maintaining a stateful session with a user or automatically recognizing users who have visited a particular site or accessed particular content previously -- such as HTTP cookies.

用于维护与用户的有状态会话或自动识别以前访问过特定站点或访问过特定内容的用户的机制——例如HTTP cookie。

PRE
Data about an individual's likes and dislikes -- such as favorite color or musical tastes.

个人喜好的数据,比如喜欢的颜色或音乐品味。

COM
Information about the computer system that the individual is using to access the network -- such as the IP number, domain name, browser type or operating system.

个人用于访问网络的计算机系统信息,如IP号、域名、浏览器类型或操作系统。

NAV
Data passively generated by browsing the Web site -- such as which pages are visited, and how long users stay on each page.

通过浏览网站被动生成的数据,比如访问了哪些页面,用户在每个页面停留的时间。

OTC
Other types of data not captured by the above definitions.

上述定义未捕获的其他数据类型。

NOI
Web Site does not collected identified data.

网站不收集识别的数据。

DSP
The privacy policy contains DISPUTES elements.
隐私政策包含争议元素。

COR
Errors or wrongful actions arising in connection with the privacy policy will be remedied by the service.

与隐私政策有关的错误或错误行为将由本服务予以纠正。


PS,这里说的跨域主要是设置cookie的情况,如果是跨域读取cookie,要保证在对应设置cookie的时候设置了P3P,否则在读取的事情IE会屏蔽跨域cookie。

网站首页  | 最新公告  | 漏洞修补  | 网站模板  | 知识文档  | 与我联系
Copyright © 2015 jlasp.com All Rights Reserved.
哈达波斯网|专注网站 版权所有
地址:吉林省吉林市昌邑区 联系QQ:383612004 联系人:董先生
未经本站授权,禁止复制或建立镜像,内容仅用于学习参考!
ICP备案号:吉ICP备15000891号-1 | 

吉公网安备 22020202000301号